This lab simulates a scenario in which a Windows VM is infected through an Exploit Kit (EK). You'll act as a security blue team member and analyze a PCAP file to investigate the attack.

What you'll learn:

*   How to identify the infected machine from its network traffic.

*   How to analyze the infection chain, including the compromised website and the Exploit Kit server.

*   How to extract details such as malicious script URLs and the hashes of suspected exploit files.

*   How to identify the exploited vulnerability (CVE).

*   How redirect URLs are used in exploit kit attacks.

Tools:

This lab lets you use your preferred tool. Some options:

*   Wireshark

*   Zui/Brim

*   NetworkMiner

Challenge Questions:

The lab provides ten challenge questions that guide you through the investigation. Each question includes a detailed walkthrough explaining how to find the answer in the PCAP file with your chosen tool.

Here's a sneak peek at the questions you'll be tackling:

*   Identifying the Infected Machine:
